๐บ๐ธ
TPI-Abuse
2026-07-07 05:58:10
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 01:57:59.190547 2026] [security2:error] [pid 11093:tid 11093] [client 36.85.248.30:52288] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 36.85.248.30 (+1 hits since last alert)|feiz.church|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "feiz.church"] [uri "/xmlrpc.php"] [unique_id "akyVZyRCsQ_Ck2VN5LyK0wAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-07 05:33:26
(1 day ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; ht ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["WordPress.com; https://wordpress.com","Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)","Jetpack by WordPress.com","Jetpack by WordPress.com
show less
Brute-Force
Web App Attack
๐ธ๐ช
konseptit
2026-07-07 04:53:45
(1 day ago)
(wordpress) Failed wordpress login from 36.85.248.30 (ID/Indonesia/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-07 04:04:00
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 00:03:57.171452 2026] [security2:error] [pid 22247:tid 22247] [client 36.85.248.30:60236] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 36.85.248.30 (+1 hits since last alert)|fusionrep.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fusionrep.com"] [uri "/xmlrpc.php"] [unique_id "akx6rYkT332IoaI2w17oOgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
abdubhai
2026-07-07 04:01:44
(1 day ago)
36.85.248.30 - - [07/Jul/2026:09
...
Brute-Force
Anonymous
2026-07-07 03:34:58
(1 day ago)
36.85.248.30 - - [07/Jul/2026:05:34:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; ...
show more
36.85.248.30 - - [07/Jul/2026:05:34:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.4; http://site17263792.com"
36.85.248.30 - - [07/Jul/2026:05:34:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.1; WordPress/6.4; http://site17263792.com"
36.85.248.30 - - [07/Jul/2026:05:34:46 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
36.85.248.30 - - [07/Jul/2026:05:34:47 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)"
36.85.248.30 - - [07/Jul/2026:05:34:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.1; http://site27280289.com"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-07-07 03:20:26
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 03:03:55
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 23:03:46.150086 2026] [security2:error] [pid 16116:tid 16116] [client 36.85.248.30:51562] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 36.85.248.30 (+1 hits since last alert)|techoutletec.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "techoutletec.com"] [uri "/xmlrpc.php"] [unique_id "akxskguUgwKeu7ZO2cCGpAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 09:37:49
(2 days ago)
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.enerescpm.com; logs=/var/log/httpd/domains/enerescpm.com ...
show more
[ssd5.kdns.gr] httpd-xmlrpc-post: sites=www.enerescpm.com; logs=/var/log/httpd/domains/enerescpm.com.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 09:36:28
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 05:36:17.198483 2026] [security2:error] [pid 17786:tid 17786] [client 36.85.248.30:34481] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 36.85.248.30 (+1 hits since last alert)|thehealthyplaceclayton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thehealthyplaceclayton.com"] [uri "/xmlrpc.php"] [unique_id "akt3EQ1Omy-2-wtBc49OGAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
abdubhai
2026-07-06 09:34:14
(2 days ago)
36.85.248.30 - - [06/Jul/2026:14
...
Brute-Force
๐ฉ๐ช
Marc
2026-07-06 09:02:42
(2 days ago)
36.85.248.30 - - [06/Jul/2026:11:02:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3294 "-" "Jetpack by W ...
show more
36.85.248.30 - - [06/Jul/2026:11:02:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3294 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" 36.85.248.30 - - [06/Jul/2026:11:02:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3295 "-" "Jetpack/13.0; WordPress/6.2; http://site78233425.com" 36.85.248.30 - - [06/Jul/2026:11:02:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3296 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 03:47:57
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 23:47:40.235892 2026] [security2:error] [pid 30023:tid 30023] [client 36.85.248.30:57998] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 36.85.248.30 (+1 hits since last alert)|exhaustthelimits.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "exhaustthelimits.org"] [uri "/xmlrpc.php"] [unique_id "akslXHseDJ8xrECslhkOaQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
LRob
2026-07-05 13:35:33
(3 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack/12.5; Wor ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack/12.5; WordPress/6.2; http://site68955838.com","Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)","WordPress.com; https://wordpress.com
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 11:26:18
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 36.85.248.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 07:26:13.761153 2026] [security2:error] [pid 30428:tid 30428] [client 36.85.248.30:60724] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tedharris.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tedharris.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ako_VVBnb40AVjfyrsckRwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack